CVE-2024-10447

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
Configurations

Configuration 1 (hide)

cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*

History

31 Oct 2024, 01:23

Type Values Removed Values Added
First Time Projectworlds online Time Table Generator
Projectworlds
CPE cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
References () https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md - () https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md - Exploit
References () https://vuldb.com/?ctiid.282007 - () https://vuldb.com/?ctiid.282007 - Permissions Required
References () https://vuldb.com/?id.282007 - () https://vuldb.com/?id.282007 - Permissions Required
References () https://vuldb.com/?submit.432372 - () https://vuldb.com/?submit.432372 - Third Party Advisory
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en Project Worlds Online Time Table Generator 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /timetable/staff/staffdashboard.php?info=updateprofile. La manipulación del argumento n conduce a una inyección SQL. El ataque puede ejecutarse de forma remota.

28 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-28 13:15

Updated : 2024-10-31 01:23


NVD link : CVE-2024-10447

Mitre link : CVE-2024-10447

CVE.ORG link : CVE-2024-10447


JSON object : View

Products Affected

projectworlds

  • online_time_table_generator
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')